How To Generate Ssh Key With ssh-keygen In Linux

Ssh is a secure and popular protocol for managing different type of IT devices like Linux systems, Network devices etc. What makes ssh secure is the encryption of the network traffic. Network traffic is encrypted with different type of encryption algorithms. There is also user authentication done with encryption algorithms. These algorithms needs keys to operate. Keys are generally produced with auxiliary tools. ssh-keygen is defacto tool used by ssh and other applications to create different type of keys. In this tutorial we will look how it works.

Public Cryptography

We will look some terms and concepts about public cryptography in this part. In public cryptography there is two keys. These keys are called public and private. Public keys are known by others to create encrypted data. Private keys are only known by its owner. Data are encrypted by public keys by anyone but only the private key owner can decrypt the message. So keeping private key is important. ssh-keygen is used to create different type of public-private keys.

Configuration Files

There are some configurations files those used by ssh. We will look the public private keys related configuration files.

~/.ssh/identity.pub contains the protocol version 1 RSA public key

~/.ssh/id_dsa contains the protocol version 2 DSA authentication identity of the user.

~/.ssh/id_dsa.pub contains the protocol version 2 DSA public key for authentication

~/.ssh/id_rsa contains the protocol version 2 RSA authentication identity of the user

~/.ssh/id_rsa.pub contains the protocol version 2 RSA public key for authentication

Generate Keys

Generating key without any parameter is very easy. This will generate with default values and options a key. This will take 3 step just enter after issuing the sshkeygen command.

Set Key File Name and Path

Now we will specify the path key files to be saved. We do not enter a path if we want to use default path which is ~/.ssh/id_rsa

1

Enter file inwhich tosave the key(/home/ismail/.ssh/id_rsa):

Encrypt Private Ssh Keys

Now we will enter passphrase but we will not. Where our private key will

1

Enter passphrase(empty forno passphrase):

Again do not enter passphrase

1

Enter same passphrase again:

Generate Keys

Generate RSA Key

In previous example we have generated ssh key with default settings. The default settings was like below.

RSA

2048 bit

But we can specify the public key algorithm explicitly by using -t option like below.

1

$ssh-keygen-trsa

Generate RSA Key

Generate DSA Key

DSA is less popular but useful public key algorithm. DSA keys can be generated by specifying key types with -t dsa

1

$ssh-keygen-tdsa

Set Key Size

Keys have different size for different purposes. Bigger size means more security but brings more processing need which is a trade of. We can specify the size of the keys according to our needs with -s option and the length of key. The size count specifies bits in a key. So following example will create 1024 bit key.

1

$ssh-keygen-b1024

Set Key Size

Write Keys To File

Created keys will be written to the ~/.ssh with related name. This default behavior can be changed with -foption and file with path. In this example we will write keys to the current users home directory.

As we can see the path is not asked to us because we have all ready provided explicitly.

Encrypt Generated Keys

Private keys must be protected. There are different ways to protect privates. We should use symmetric cryptography to crypt private key. ssh-key all ready provide this feature. We will set password to access to the private key. In interactive run the passphrase is asked but we can also specify explicitly while calling command with -N option like below. We will provide passphrase in clear text. This passphrase also saved in bash history file which will create a security vulnerability. Keep these while using option based encryption of public keys.